Wednesday, August 25, 2010

Intrusion Detection Service in IPCOP

Intrusion Detection was stopped in my IPCoP, version 1.4.1, a while a go, I tried to start them all three through GUI but Got message fail to start.I loged in in console of Ipcop.I checked the existing version of snort, which was older than latest.

and replaced the one copied from my laptop and changed the permission to user nobody:nobody

root@firewall:/etc/snort/rules # chown -R nobody:nobody rules

Now IP cop has new rules list, although these rules were from new version of Snort 2.8.6When I restarted snort again from console with above command, this time no error and it started straight away.Then I can start and stop from GUI successfully.